[January 2022] 200-201 exam question collection: practice study guide to pass the exam [Q90-Q112]


The 200-201 question collection contains practice exam questions with answers.

Question 90
Which step in the incident response process researches an attacking host through logs in a SIEM?

  • A. detection and analysis
  • B. eradication
  • C. preparation
  • D. containment

Correct answer: A

 

Question 91
What is the practice of giving an employee access to only the resources needed to accomplish their job?

  • A. separation of duties
  • B. need to know principle
  • C. principle of least privilege
  • D. organizational separation

Correct answer: C

 

Question 92
Which type of evidence supports a theory or an assumption that results from initial evidence?

  • A. corroborative
  • B. probabilistic
  • C. indirect
  • D. best

Correct answer: A

Explanation:
Section: Security Policies and Procedures

 

Question 93
What does cyber attribution identify in an investigation?

  • A. exploit of an attack
  • B. cause of an attack
  • C. threat actors of an attack
  • D. vulnerabilities exploited

Correct answer: C

 

Question 94
What are two differences in how tampered and untampered disk images affect a security incident? (Choose two.)

  • A. The image is tampered if the stored hash and the computed hash match
  • B. Tampered images are used in the incident recovery process
  • C. Untampered images are used in the security investigation process
  • D. Tampered images are used in the security investigation process
  • E. The image is untampered if the stored hash and the computed hash match

Correct answer: C,E
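The check behind answer E, as an added example that is not part of the original question set: the hash recorded at acquisition is recomputed over the image and the two are compared. The image file, its name `evidence.dd` and the sample bytes are constructed for the demonstration; a real workflow would read the stored digest from the acquisition tool's sidecar file.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 20  # stream the image in 1 MiB pieces; evidence images are usually far larger than RAM


def compute_hash(path: str, algorithm: str = "sha256") -> str:
    """Return the hex digest of the whole file at `path`."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_image(path: str, stored_hash: str, algorithm: str = "sha256") -> bool:
    """True when the image is untampered, i.e. the stored hash equals the computed one.

    hmac.compare_digest compares in constant time; it costs nothing here and
    removes one class of mistakes from code that is later reused elsewhere."""
    computed = compute_hash(path, algorithm)
    return hmac.compare_digest(computed.lower(), stored_hash.strip().lower())


def tamper_demo() -> dict:
    """Acquire a constructed image, record its hash, flip one byte, and re-verify."""
    with tempfile.TemporaryDirectory() as workdir:
        image = os.path.join(workdir, "evidence.dd")  # hypothetical image file name
        with open(image, "wb") as f:
            f.write(bytes(range(256)) * 16 + b"constructed sample image, not real evidence")
        stored = compute_hash(image)  # what the acquisition tool would write to evidence.dd.sha256
        untampered_before = verify_image(image, stored)
        with open(image, "r+b") as f:  # simulate tampering: invert a single byte in place
            f.seek(100)
            original = f.read(1)[0]
            f.seek(100)
            f.write(bytes([original ^ 0xFF]))
        untampered_after = verify_image(image, stored)
        return {"untampered_before": untampered_before, "untampered_after": untampered_after}


if __name__ == "__main__":
    print(tamper_demo())  # {'untampered_before': True, 'untampered_after': False}
```

A single changed byte anywhere in the image produces a different digest, which is why an analyst works only on images whose computed hash still matches the stored one, and why the stored hash must be kept somewhere the image's custodian cannot silently rewrite.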

 

Question 95
Refer to the exhibit.

Which application protocol is in this PCAP file?

  • A. SSH
  • B. TLS
  • C. TCP
  • D. HTTP

Correct answer: D

 

Question 96
Refer to the exhibit.

Which type of log is displayed?

  • A. NetFlow
  • B. IDS
  • C. proxy
  • D. sys

Correct answer: D

 

Question 97
An analyst received an alert on their desktop computer showing that an attack was successful on the host. After investigating, the analyst discovered that no mitigation action occurred during the attack. What is the reason for this discrepancy?

  • A. The computer has a NIPS installed on it.
  • B. The computer has a NIDS installed on it.
  • C. The computer has a HIDS installed on it.
  • D. The computer has a HIPS installed on it.

Correct answer: C

 

Question 98
One of the objectives of information security is to protect the CIA of information and systems. What does CIA mean in this context?

  • A. confidentiality, identity, and availability
  • B. confidentiality, integrity, and authorization
  • C. confidentiality, identity, and authorization
  • D. confidentiality, integrity, and availability

Correct answer: D

 

Question 99
An engineer discovered a breach, identified the threat's entry point, and removed access. The engineer was able to identify the host, the IP address of the threat actor, and the application the threat actor targeted. What is the next step the engineer should take according to the NIST SP 800-61 Incident Handling Guide?

  • A. Recover from the threat.
  • B. Identify lessons learned from the threat.
  • C. Analyze the threat.
  • D. Reduce the probability of similar threats.

Correct answer: D

 

Question 100
What is the difference between a threat and a risk?

  • A. Threat represents a potential danger that could take advantage of a weakness in a system
  • B. Threat represents a state of being exposed to an attack or a compromise, either physically or logically.
  • C. Risk represents the nonintentional interaction with uncertainty in the system
  • D. Risk represents the known and identified loss or danger in the system

Correct answer: A

Explanation:
A threat is any potential danger to an asset. If a vulnerability exists but has not yet been exploited, or, more importantly, is not yet publicly known, the threat is latent and not yet realized.

 

Question 101
What is the difference between the ACK flag and the RST flag in the NetFlow log session?

  • A. The ACK flag confirms the receipt of the prior segment, and the RST flag allows for the spontaneous termination of a connection
  • B. The RST flag confirms the beginning of the TCP connection, and the ACK flag responds when the data for the payload is complete
  • C. The ACK flag confirms the beginning of the TCP connection, and the RST flag responds when the data for the payload is complete
  • D. The RST flag confirms the receipt of the prior segment, and the ACK flag allows for the spontaneous termination of a connection

Correct answer: A
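How the ACK and RST flags actually show up in a flow record, as an added example that is not part of the original question set. A NetFlow v5/v9 `tcp_flags` field is the cumulative OR of the flags seen on every packet of the flow, so the decoder below expands that bitmask and summarises how the session ended. The text export format and the four flow records are constructed for the example and are not real traffic.

```python
import re

# TCP flag bits as carried in the NetFlow tcp_flags field (RFC 793 bit layout).
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def decode_flags(value: int) -> list:
    """Expand the cumulative tcp_flags bitmask into flag names, low bit first."""
    return [name for bit, name in sorted(TCP_FLAGS.items()) if value & bit]


def classify_flow(flags: int) -> str:
    """Summarise how the session progressed from its cumulative flags.

    A flow record does not preserve packet order, so this is a summary of what
    was seen at any point in the flow, not a reconstruction of the handshake."""
    if flags & 0x04:
        return "reset"            # RST seen: one side tore the connection down abruptly
    if flags & 0x02 and not flags & 0x10:
        return "syn-only"         # SYN without any ACK: unanswered probe or half-open
    if flags & 0x01 and flags & 0x10:
        return "closed-normally"  # FIN and ACK: orderly teardown
    if flags & 0x10:
        return "ongoing"          # ACKs only: data exchange, no teardown in this record
    return "unknown"


# Constructed flow-tools style text export (not real traffic).
# Fields: start, srcaddr, srcport, dstaddr, dstport, proto, packets, octets, tcp_flags
SAMPLE_FLOWS = """\
2022-01-10 09:14:02 10.1.1.5 51234 203.0.113.9 443 6 38 21044 0x1b
2022-01-10 09:14:05 10.1.1.5 51235 203.0.113.9 22 6 2 120 0x14
2022-01-10 09:14:05 198.51.100.7 40000 10.1.1.5 3389 6 1 60 0x02
2022-01-10 09:14:09 10.1.1.5 51236 203.0.113.9 443 6 12 2000 0x18
"""

LINE = re.compile(r"^(\S+ \S+) (\S+) (\d+) (\S+) (\d+) (\d+) (\d+) (\d+) (0x[0-9a-fA-F]+)$")


def parse_flows(text: str) -> list:
    """Parse the export into dicts carrying decoded flags and a session summary."""
    flows = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip headers or malformed lines rather than abort the whole file
        flags = int(m.group(9), 16)
        flows.append({
            "src": f"{m.group(2)}:{m.group(3)}",
            "dst": f"{m.group(4)}:{m.group(5)}",
            "flags": decode_flags(flags),
            "state": classify_flow(flags),
        })
    return flows


if __name__ == "__main__":
    for flow in parse_flows(SAMPLE_FLOWS):
        print(f"{flow['src']:>22} -> {flow['dst']:<18} {'|'.join(flow['flags']):<20} {flow['state']}")
```

Reading the sample: the 443 flow with `0x1b` (FIN|SYN|PSH|ACK) closed normally, the SSH attempt with `0x14` (RST|ACK) was refused or torn down, and the inbound `0x02` record on 3389 is a lone SYN that never got an ACK, the shape a port scan leaves behind in flow data.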

 

Question 102
What does cyber attribution identify in an investigation?

  • A. exploit of an attack
  • B. cause of an attack
  • C. threat actors of an attack
  • D. vulnerabilities exploited

Correct answer: C

 

Question 103
Which technology on a host is used to isolate a running application from other applications?

  • A. sandbox
  • B. application allow list
  • C. host-based firewall
  • D. application block list

Correct answer: A

 

Question 104
Which HTTP header field is used in forensics to identify the type of browser used?

  • A. host
  • B. referrer
  • C. user-agent
  • D. accept-language

Correct answer: C

Explanation:
Section: Network Intrusion Analysis
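Questions 95 and 104 both come down to reading the first bytes of a TCP stream: recognising an HTTP request line is what marks a PCAP stream as HTTP, and the User-Agent header in that request is the browser artifact. The following is an added example, not code from the original page; the three payloads (an HTTP request, an SSH banner, the start of a TLS ClientHello record) and the hostname `intranet.example.test` are constructed for it.

```python
import re

# Constructed TCP payloads, not taken from a real capture.
PAYLOADS = {
    "http": (
        b"GET /login?next=%2Fhome HTTP/1.1\r\n"
        b"Host: intranet.example.test\r\n"
        b"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/95.0\r\n"
        b"Referer: http://intranet.example.test/\r\n"
        b"Accept-Language: en-US,en;q=0.5\r\n"
        b"\r\n"
    ),
    "ssh": b"SSH-2.0-OpenSSH_8.4\r\n",
    "tls": bytes.fromhex("160301007a0100007603035f"),  # TLS record type 0x16 (handshake), version 3.x
}

REQUEST_LINE = re.compile(rb"^([A-Z]{3,7}) (\S+) HTTP/(\d\.\d)\r\n")


def identify_protocol(payload: bytes) -> str:
    """Fingerprint the application protocol from the first bytes of a TCP stream,
    the same evidence Wireshark's dissectors use when the port is non-standard."""
    if REQUEST_LINE.match(payload) or payload.startswith(b"HTTP/1."):
        return "HTTP"
    if payload.startswith(b"SSH-"):
        return "SSH"
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "TLS"
    return "unknown"


def parse_http_request(payload: bytes) -> dict:
    """Split an HTTP/1.x request into its request line and a lowercase header map.
    Header names are case-insensitive, so 'user-agent' and 'User-Agent' unify."""
    head, _, _body = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    m = REQUEST_LINE.match(lines[0] + b"\r\n")
    if not m:
        raise ValueError("not an HTTP request")
    headers = {}
    for raw in lines[1:]:
        name, sep, value = raw.partition(b":")
        if sep:
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return {"method": m.group(1).decode(), "target": m.group(2).decode(),
            "version": m.group(3).decode(), "headers": headers}


def browser_artifacts(payload: bytes) -> dict:
    """The header fields an analyst pulls first: User-Agent (browser), Host (where),
    Referer (came from) and Accept-Language (locale of the client)."""
    h = parse_http_request(payload)["headers"]
    return {"user_agent": h.get("user-agent"), "host": h.get("host"),
            "referer": h.get("referer"), "accept_language": h.get("accept-language")}


if __name__ == "__main__":
    for name, payload in PAYLOADS.items():
        print(f"{name}: {identify_protocol(payload)}")
    print(browser_artifacts(PAYLOADS["http"]))
```

The User-Agent string is client-supplied and trivially forged, so it identifies what the client claimed to be; corroborate it with other evidence (TLS fingerprint, endpoint logs) before building a timeline on it.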

 

Question 105
An analyst received a ticket regarding a degraded processing capability for one of the HR department's servers. On the same day, an engineer noticed a disabled antivirus software and was not able to determine when or why it occurred. According to the NIST Incident Handling Guide, what is the next phase of this investigation?

  • A. Detection
  • B. Eradication
  • C. Analysis
  • D. Recovery

Correct answer: A

 

Question 106
Why is encryption challenging to security monitoring?

  • A. Encryption analysis is used by attackers to monitor VPN tunnels.
  • B. Encryption introduces larger packet sizes to analyze and store.
  • C. Encryption is used by threat actors as a method of evasion and obfuscation.
  • D. Encryption introduces additional processing requirements by the CPU.

Correct answer: C

Explanation:
Section: Security Concepts

 

Question 107
An engineer received an alert affecting the degraded performance of a critical server. Analysis showed a heavy CPU and memory load. What is the next step the engineer should take to investigate this resource usage?

  • A. Run "ps -u" to find out who executed additional processes that caused a high load on a server.
  • B. Run "ps -ef" to understand which processes are taking a high amount of resources.
  • C. Run "ps -m" to capture the existing state of daemons and map required processes to find the gap.
  • D. Run "ps -d" to decrease the priority state of high load processes to avoid resource exhaustion.

Correct answer: B

Explanation:
`ps -ef` lists every process with its owner, PID, parent PID and full command line, which is the starting point for finding what is consuming CPU and memory. `ps -m` shows threads rather than a "state of daemons", and `ps` has no option that changes scheduling priority; that is `renice`.
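What the engineer does with the process listing once it is on screen, as an added example that is not part of the original question set: parse `ps` output, rank processes by CPU and memory, and flag the ones a responder would look at first. The listing below is constructed (the paths under `/tmp/.x/` are hypothetical and stand in for a process running from an unusual location); `live_snapshot()` runs the real command with Linux procps syntax.

```python
import subprocess

# Constructed `ps -eo pid,user,%cpu,%mem,args` output for a loaded server (not a real host).
SAMPLE_PS = """\
  PID USER     %CPU %MEM COMMAND
    1 root      0.0  0.1 /sbin/init
  812 root      0.3  0.5 /usr/sbin/sshd -D
 2204 postgres 12.4  6.8 postgres: checkpointer
 4419 www-data 91.7 38.2 /tmp/.x/worker --threads 8
 4420 www-data  2.1  0.4 /tmp/.x/dropper
 5150 analyst   0.0  0.0 ps -eo pid,user,%cpu,%mem,args
"""

ODD_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")  # world-writable places a legitimate daemon rarely lives


def parse_ps(text: str) -> list:
    """Parse `ps -eo pid,user,%cpu,%mem,args` output.

    COMMAND is the last column and may itself contain spaces, so only the first
    four whitespace-separated fields are split off; the rest is the command line."""
    rows = []
    for line in text.splitlines()[1:]:  # first line is the column header
        parts = line.split(None, 4)
        if len(parts) < 5:
            continue
        pid, user, cpu, mem, cmd = parts
        rows.append({"pid": int(pid), "user": user, "cpu": float(cpu),
                     "mem": float(mem), "cmd": cmd})
    return rows


def top_consumers(rows: list, n: int = 3, key: str = "cpu") -> list:
    """The n heaviest processes by the chosen metric ('cpu' or 'mem')."""
    return sorted(rows, key=lambda r: r[key], reverse=True)[:n]


def suspicious(rows: list, cpu_threshold: float = 50.0) -> list:
    """Processes worth an immediate look: very heavy, or executing from ODD_DIRS."""
    return [r for r in rows if r["cpu"] >= cpu_threshold or r["cmd"].startswith(ODD_DIRS)]


def live_snapshot() -> list:
    """Same parse against the running host (Linux procps; not exercised by the tests)."""
    out = subprocess.run(["ps", "-eo", "pid,user,%cpu,%mem,args"],
                         capture_output=True, text=True, check=True).stdout
    return parse_ps(out)


if __name__ == "__main__":
    rows = parse_ps(SAMPLE_PS)
    for r in top_consumers(rows):
        print(f"pid={r['pid']:<6} user={r['user']:<9} cpu={r['cpu']:5.1f} mem={r['mem']:5.1f} {r['cmd']}")
    print("review:", [r["pid"] for r in suspicious(rows)])
```

In the sample the top CPU and memory consumer is the same PID and it runs from `/tmp`; with `ps -ef` the next fields to read for it are PPID (who spawned it) and the start time, which feed straight into the containment decision.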

 

Question 108
What is an attack surface as compared to a vulnerability?

  • A. the sum of all paths for data into and out of the environment
  • B. the individuals who perform an attack
  • C. an exploitable weakness in a system or its design
  • D. any potential danger to an asset

Correct answer: A

Explanation:
An attack surface is the total sum of the points through which an attacker can reach and attempt to exploit a system; an individual exploitable weakness in a system or its design (option C) is a vulnerability, and any potential danger to an asset (option D) is a threat. Attack surfaces can be physical or digital. The term attack surface is often confused with the term attack vector, but they are not the same thing. The surface is what is being attacked; the vector is the means by which an intruder gains access.

 

Question 109
One of the objectives of information security is to protect the CIA of information and systems.
What does CIA mean in this context?

  • A. confidentiality, identity, and availability
  • B. confidentiality, integrity, and authorization
  • C. confidentiality, identity, and authorization
  • D. confidentiality, integrity, and availability

Correct answer: D

 

Question 110
What is a benefit of agent-based protection when compared to agentless protection?

  • A. It lowers maintenance costs
  • B. It collects and detects all traffic locally
  • C. It manages numerous devices simultaneously
  • D. It provides a centralized platform

Correct answer: B

Explanation:
Host-based antivirus protection is also known as agent-based. Agent-based antivirus runs on every protected machine. Agentless antivirus protection performs scans on hosts from a centralized system. Agentless systems have become popular for virtualized environments in which multiple OS instances are running on a host simultaneously. Agent-based antivirus running in each virtualized system can be a serious drain on system resources. Agentless antivirus for virtual hosts involves the use of a special security virtual appliance that performs optimized scanning tasks on the virtual hosts. An example of this is VMware's vShield.

 

Question 111
Refer to the exhibit.

An engineer is analyzing this Cuckoo Sandbox report for a PDF file that has been downloaded from an email. What is the state of this file?

  • A. The file has an embedded executable and was matched by PEiD threat signatures for further analysis.
  • B. The file has an embedded non-Windows executable but no suspicious features are identified.
  • C. The file was matched by PEiD threat signatures but no suspicious features are identified since the signature list is up to date.
  • D. The file has an embedded Windows 32 executable and the Yara field lists suspicious features for further analysis.

Correct answer: D

 

Question 112
......


Cisco 200-201 certification exam topics:

Topic | Exam scope
Topic 1
  • Describe evasion and obfuscation techniques
  • Interpret the 5-tuple approach to isolate a compromised host in a grouped set of logs
Topic 2
  • Identify potential data loss from provided traffic profiles
  • Describe the principles of the defense-in-depth strategy
Topic 3
  • Describe network attacks, such as protocol-based, denial of service, distributed denial of service, and man-in-the-middle
Topic 4
  • Extract files from a TCP stream when given a PCAP file and Wireshark
  • Network, endpoint, and application security systems

 

Free CyberOps Associate 200-201 exam questions: https://www.jpntest.com/shiken/200-201-mondaishu
